Several Founders, Co-Founders, CXO Bankers, CXO Fintech professionals & people who participated in the ePanel discussions:
- Mr. Sivakumar Krishnan, former Delivery Head, FIS
- Mr. Sunil Kulkarni, CEO (Designate)- SRO & Head, Business Correspondent Federation of India
- Mr. Krishnamurthy Varasani, Former General Manager Andhra Bank
- Mr. Gajendra Tupsamudre, Chief Manager IT, Bank of Baroda
- Mr. Ravi Kadam, Business Technologist, Freelance
- Mr. Rishi Prakash Mantri, Head of Business Solution Group, ICICI Housing Finance Company
- Mr. Narayanan S, General Manager Business Solutions, Associate Director, Principal Consultant, Cognizant
- Mr. Vishweshwaran R, Senior Vice President – Digital and Customer journeys, IDFC FIRST Bank
- Mr. C V Ramana Rao, Sr Manager, Punjab National Bank
- Mr. Raghu Veer Dendukuri, Founder, Ideal Nation, and Solution Architect at Invincible Tech Systems Inc.
- Mr. Taron Mohan, Owner, NextGen Telesolutions Pvt Ltd
- Mr. Sharad Goklani, President and CTO at AU Small Finance Bank
- Mr. Ruchir Inamdar, Head of Business Development, Repute
- Mr. Arun Tanksali, Co-founder & CTO, Nearex
- Ms. Deepti Machavolu, Senior Manager, Learning & Development, Suryoday Small Finance Bank Ltd
- Mr. Anil Kumar Gupta, Partner, MSC
- Mr. Amitabh Rai, Deputy General Manager, Punjab National Bank
- Mr. Satya Vishnubhotla, Former Country Manager, AsiaCollect
- Mr. Deep Shah, Lead AePS, NPCI
- Mr. Sarika Agarwal, Vice President, Transaction Solutions International (India) Pvt Ltd
- Mr. Vikas R Panditrao, Co-Founder, Forum of Industry and Academic Knowledge Sharing (FIAKS)
- Many other CEO/CXO Bankers & Fintech professionals on FIAKS Forum requested to remain anonymous
Online frauds appear to be exponentially growing. Every alternate day members are reporting some of the other frauds. Sharing one such reported fraud by an intellectual FIAKS community member. The member states that he received below two messages since morning from the bank, although he does not maintain any account with them. These transactions are happening in Pratapgarh, UP while he is in West Bengal.
Message 1: Your transaction of amount 510.0 against AEPS Cash Withdrawal dated 24/10/2021 at 16:49:14 is successful with Txn ID/RRN 129716157713. Avl Bal 1,438.20. Please find the receipt of your transaction at the (link)
Message 2: Your transaction of amount 2000.0 against AEPS Cash Withdrawal dated 24/10/2021 at 10:32:26 is failed with Txn ID/RRN 129710879161. Please find the receipt of your transaction at the (link)
Sample receipt displayed when the link is clicked is as under;
Now here are the concerns raised by the member related to AePS:
Question 1: Is it the case where my mobile number is fed in some other person’s account with the bank?
- Since this message is coming from Airtel, it seems a simple case of the wrong account number in the bank account. Assuming both transactions, the first failed due to insufficient balance (2K).
- Maybe the community member’s mobile number is fed in some other persons’ a/c or maybe this number was used previously by this person. Another member quite likely seconds this point, he used to get transaction alerts for someone else’s account. It was in the same bank where he was holding an account.
- The problem is this is too common it seems. If someone gets a message that your property is successfully sold to XYZ due to an incorrect mobile number entry that person will not sleep for weeks!
Question 2: Is it that someone has registered/seeded my mobile number in his or her Aadhaar?
- According to a member most likely reason is that somebody has fed his mobile number in the bank account transacting on AePS. For AePS authentication he needs bio authentication which is probably not happening. The community member may visit the UIDAI website to check his authentication history for successful as well as failed transactions.
- Another member mentions, on AePS transactions, UIDAI doesn’t send any SMS so it is not like someone else has registered his mobile number in his or her Aadhaar. The SMS is either from the bank where the account is maintained or the BC (business correspondent) application where the transaction is initiated. So there are two scenarios :
- The mobile number is registered at the bank account level. Which doesn’t seem the case as the bank validates mobile number registration with OTP.
- The person is providing this mobile number at the BC location, SMS is being sent from the system where the transaction is initiated. There is no validation at this level, the system simply sends transaction status on the provided mobile number.
Let’s view some further conjectures made by members regarding the whole scenario;
- From a cursory look, this doesn’t seem like a fraud, it seems that a business correspondent has entered the wrong mobile number of the recipient and it got delivered to this member. In a few of the acquirer banks, along with the physical receipt, they take the beneficiary’s number also to send an e-copy of the receipt. In this scenario, person A might have done transactions with X business correspondent and mistakenly/intentionally put the number of person B
- The user needs to check the sender ID of SMS. If it is a numeric/mobile number, it is a fraud. This situation is now made complicated by telecom companies allowing e-commerce companies to use numeric sender ID for transactional messages. If it is non-numeric with bank name, it is a transactional message of account debit which only goes to registered mobile number in all cases.
- It can happen in the below manner;
Register and Read the complete discussions